fix 7963
This commit is contained in:
parent
968bb8a100
commit
fdedd6f75b
@ -106,7 +106,7 @@ if (is_array($changeaccount) && count($changeaccount) > 0) {
|
||||
$db->begin();
|
||||
|
||||
$sql1 = "UPDATE " . MAIN_DB_PREFIX . "expensereport_det as erd";
|
||||
$sql1 .= " SET erd.fk_code_ventilation=" . GETPOST('account_parent');
|
||||
$sql1 .= " SET erd.fk_code_ventilation=" . GETPOST('account_parent','int');
|
||||
$sql1 .= ' WHERE erd.rowid IN (' . implode(',', $changeaccount) . ')';
|
||||
|
||||
dol_syslog('accountancy/expensereport/lines.php::changeaccount sql= ' . $sql1);
|
||||
|
||||
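Review bot: The `implode(',', $changeaccount)` on the WHERE line still interpolates each posted id without an integer cast, so only the SET side of the statement benefits from the new `GETPOST('account_parent','int')`. `$changeaccount` is presumably a posted array (the hunk header only shows `is_array($changeaccount)`), so cast each element before building the IN list: `$sql1 .= ' WHERE erd.rowid IN (' . implode(',', array_map('intval', $changeaccount)) . ')';`. The `l.rowid IN (...)` line of the supplier lines.php hunk that follows has the same gap. The enclosing `if (is_array($changeaccount) ...)` block starts before this hunk.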
@ -114,7 +114,7 @@ if (is_array($changeaccount) && count($changeaccount) > 0) {
|
||||
$db->begin();
|
||||
|
||||
$sql1 = "UPDATE " . MAIN_DB_PREFIX . "facture_fourn_det as l";
|
||||
$sql1 .= " SET l.fk_code_ventilation=" . GETPOST('account_parent');
|
||||
$sql1 .= " SET l.fk_code_ventilation=" . GETPOST('account_parent','int');
|
||||
$sql1 .= ' WHERE l.rowid IN (' . implode(',', $changeaccount) . ')';
|
||||
|
||||
dol_syslog('accountancy/supplier/lines.php::changeaccount sql= ' . $sql1);
|
||||
|
||||
@ -127,7 +127,7 @@ if ($_POST["delete"])
|
||||
|
||||
// Supprime boite box_external_rss de definition des boites
|
||||
$sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."boxes_def";
|
||||
$sql.= " WHERE file = 'box_external_rss.php' AND note LIKE '".GETPOST("norss")." %'";
|
||||
$sql.= " WHERE file = 'box_external_rss.php' AND note LIKE '".$db->escape(GETPOST("norss"))." %'";
|
||||
|
||||
$resql=$db->query($sql);
|
||||
if ($resql)
|
||||
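Review bot: `$db->escape()` on the new `norss` line neutralises quotes but not the LIKE metacharacters `%` and `_`, so a value containing `%` still widens the match, and this SELECT feeds the delete branch (`if ($_POST["delete"])` in the hunk header). Escape the wildcards before the call, e.g. `$db->escape(str_replace(array('%', '_'), array('\%', '\_'), GETPOST("norss")))` (backslash being the default LIKE escape on MySQL), or compare with an exact `note = '...'` value if the note format allows it. The `sf_re` filter in the supplier invoice list hunk further down has the same gap, though there it only affects a search filter. The enclosing `if ($resql)` block continues past the hunk.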
@ -268,19 +268,19 @@ if ($resql)
|
||||
print '</td>';
|
||||
print "</tr>";
|
||||
|
||||
|
||||
|
||||
print '<tr class="oddeven">';
|
||||
print "<td width=\"100px\">".$langs->trans("Title")."</td>";
|
||||
print "<td><input type=\"text\" class=\"flat minwidth300\" name=\"external_rss_title_" . $idrss . "\" value=\"" . $conf->global->$keyrsstitle . "\"></td>";
|
||||
print "</tr>";
|
||||
|
||||
|
||||
|
||||
print '<tr class="oddeven">';
|
||||
print "<td>".$langs->trans("URL")."</td>";
|
||||
print "<td><input type=\"text\" class=\"flat minwidth300\" name=\"external_rss_urlrss_" . $idrss . "\" value=\"" . $conf->global->$keyrssurl . "\"></td>";
|
||||
print "</tr>";
|
||||
|
||||
|
||||
|
||||
print '<tr class="oddeven">';
|
||||
print "<td>".$langs->trans("Status")."</td>";
|
||||
print "<td>";
|
||||
@ -301,7 +301,7 @@ if ($resql)
|
||||
// Logo
|
||||
if ($result > 0 && empty($rss->error))
|
||||
{
|
||||
|
||||
|
||||
print '<tr class="oddeven">';
|
||||
print "<td>".$langs->trans("Logo")."</td>";
|
||||
print '<td>';
|
||||
|
||||
@ -92,11 +92,16 @@ if ($user->rights->banque->consolidate && $action == 'donext')
|
||||
|
||||
if ($action == 'confirm_delete_categ' && $confirm == "yes" && $user->rights->banque->modifier)
|
||||
{
|
||||
$sql = "DELETE FROM ".MAIN_DB_PREFIX."bank_class WHERE lineid = ".$rowid." AND fk_categ = ".GETPOST("cat1");
|
||||
if (! $db->query($sql))
|
||||
{
|
||||
dol_print_error($db);
|
||||
}
|
||||
$cat1=GETPOST("cat1",'int');
|
||||
if (!empty($rowid) && !empty($cat1)) {
|
||||
$sql = "DELETE FROM ".MAIN_DB_PREFIX."bank_class WHERE lineid = ".$rowid." AND fk_categ = ".$cat1;
|
||||
if (! $db->query($sql))
|
||||
{
|
||||
dol_print_error($db);
|
||||
}
|
||||
} else {
|
||||
setEventMessage('Missing ids','errors');
|
||||
}
|
||||
}
|
||||
|
||||
if ($user->rights->banque->modifier && $action == "update")
|
||||
|
||||
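Review bot: `$rowid` is still concatenated into the DELETE on the new line without a cast, while only `cat1` received the `'int'` filter; where `$rowid` is assigned lies outside this hunk, so if it is read with a plain GETPOST the `!empty()` guard does not make it safe. Casting at the point of use closes that regardless of the source: `$sql = "DELETE FROM ".MAIN_DB_PREFIX."bank_class WHERE lineid = ".(int) $rowid." AND fk_categ = ".$cat1;`. Note also that `!empty()` treats an id of `0` as missing, which is presumably intended for row ids but worth confirming.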
@ -141,7 +141,7 @@ if ($user->rights->fournisseur->facture->lire)
|
||||
|
||||
if (dol_strlen(GETPOST('sf_re')) > 0)
|
||||
{
|
||||
$sql .= " AND f.ref_supplier LIKE '%".GETPOST('sf_re')."%'";
|
||||
$sql .= " AND f.ref_supplier LIKE '%".$db->escape(GETPOST('sf_re'))."%'";
|
||||
}
|
||||
|
||||
$sql.= " GROUP BY s.rowid, s.nom, f.rowid, f.ref, f.ref_supplier, f.total_ht, f.total_ttc, f.datef, f.date_lim_reglement, f.paye, f.fk_statut";
|
||||
|
||||
@ -409,12 +409,12 @@ if (empty($reshook))
|
||||
if ($action == 'update_price_by_qty')
|
||||
{
|
||||
// Récupération des variables
|
||||
$rowid = GETPOST('rowid');
|
||||
$priceid = GETPOST('priceid');
|
||||
$newprice = price2num(GETPOST("price"), 'MU');
|
||||
$rowid = GETPOST('rowid','int');
|
||||
$priceid = GETPOST('priceid','int');
|
||||
$newprice = price2num(GETPOST("price",'int'), 'MU');
|
||||
// $newminprice=price2num(GETPOST("price_min"),'MU'); // TODO : Add min price management
|
||||
$quantity = GETPOST('quantity');
|
||||
$remise_percent = price2num(GETPOST('remise_percent'));
|
||||
$quantity = GETPOST('quantity','int');
|
||||
$remise_percent = price2num(GETPOST('remise_percent','int'));
|
||||
$remise = 0; // TODO : allow discount by amount when available on documents
|
||||
|
||||
if (empty($quantity)) {
|
||||
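Review bot: Applying the `'int'` filter to `price` and `remise_percent` on the new lines truncates decimal input before `price2num()` sees it — GETPOST's `'int'` check appears to cast to integer, so a price of `12.50` becomes `12` and a discount of `12.5` becomes `12`. Keep the integer filter for `rowid`, `priceid` and `quantity`, but read the two monetary fields with the `'alpha'` check and let `price2num()` normalise them: `$newprice = price2num(GETPOST("price",'alpha'), 'MU');` and `$remise_percent = price2num(GETPOST('remise_percent','alpha'));`. The enclosing `if ($action == 'update_price_by_qty')` block continues past the hunk.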
@ -442,7 +442,7 @@ if (empty($reshook))
|
||||
$sql .= " quantity=" . $quantity . ",";
|
||||
$sql .= " remise_percent=" . $remise_percent . ",";
|
||||
$sql .= " remise=" . $remise;
|
||||
$sql .= " WHERE rowid = " . GETPOST('rowid');
|
||||
$sql .= " WHERE rowid = " . $rowid;
|
||||
|
||||
$result = $db->query($sql);
|
||||
if (! $result) dol_print_error($db);
|
||||
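Review bot: `$rowid` is interpolated into the `WHERE rowid = ` clause of the UPDATE without a non-empty check, so a missing `rowid` parameter (depending on what GETPOST returns for an absent value, an empty string or 0) either breaks the statement, surfacing through `dol_print_error`, or silently updates nothing. The `delete_price_by_qty` branch in the next hunk guards with `if (!empty($rowid))`; the update branch would benefit from the same guard before the statement is built, e.g. `if (empty($rowid)) { setEventMessage('Missing id','errors'); }` around the query. The enclosing block starts and ends outside the hunk.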
@ -458,22 +458,28 @@ if (empty($reshook))
|
||||
|
||||
if ($action == 'delete_price_by_qty')
|
||||
{
|
||||
$rowid = GETPOST('rowid');
|
||||
$rowid = GETPOST('rowid','int');
|
||||
if (!empty($rowid)) {
|
||||
$sql = "DELETE FROM " . MAIN_DB_PREFIX . "product_price_by_qty";
|
||||
$sql .= " WHERE rowid = " . $rowid;
|
||||
|
||||
$sql = "DELETE FROM " . MAIN_DB_PREFIX . "product_price_by_qty";
|
||||
$sql .= " WHERE rowid = " . GETPOST('rowid');
|
||||
|
||||
$result = $db->query($sql);
|
||||
$result = $db->query($sql)
|
||||
} else {
|
||||
setEventMessage('delete_price_by_qty Missing Ids','errors');
|
||||
}
|
||||
}
|
||||
|
||||
if ($action == 'delete_all_price_by_qty')
|
||||
{
|
||||
$priceid = GETPOST('priceid');
|
||||
|
||||
$priceid = GETPOST('priceid','int');
|
||||
if (!empty($rowid)) {
|
||||
$sql = "DELETE FROM " . MAIN_DB_PREFIX . "product_price_by_qty";
|
||||
$sql .= " WHERE fk_product_price = " . $priceid;
|
||||
|
||||
$result = $db->query($sql);
|
||||
} else {
|
||||
setEventMessage('delete_all_price_by_qty Missing Ids','errors');
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
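Review bot: The new `$result = $db->query($sql)` line inside `delete_price_by_qty` has lost its trailing semicolon, which is a parse error that takes the whole file down, not just this action; it should read `$result = $db->query($sql);`. In the `delete_all_price_by_qty` block just below, the guard tests `$rowid` while the DELETE uses `$priceid`, so an empty `priceid` with a stray `rowid` still yields `WHERE fk_product_price = ` and a SQL error, and a valid `priceid` without `rowid` is refused with the 'Missing Ids' message; the check should be `if (!empty($priceid)) {`. Both are one-line fixes.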
@ -485,7 +491,7 @@ if (empty($reshook))
|
||||
|
||||
$maxpricesupplier = $object->min_recommended_price();
|
||||
|
||||
$update_child_soc = GETPOST('updatechildprice');
|
||||
$update_child_soc = GETPOST('updatechildprice','int');
|
||||
|
||||
// add price by customer
|
||||
$prodcustprice->fk_soc = GETPOST('socid', 'int');
|
||||
@ -585,7 +591,7 @@ if (empty($reshook))
|
||||
{
|
||||
$maxpricesupplier = $object->min_recommended_price();
|
||||
|
||||
$update_child_soc = GETPOST('updatechildprice');
|
||||
$update_child_soc = GETPOST('updatechildprice','int');
|
||||
|
||||
$prodcustprice->fetch(GETPOST('lineid', 'int'));
|
||||
|
||||
|
||||